Give Codeship’s CI/CD Platform a Try

Want to learn more?

This is a republished guest blog post by Edgars Lazdins. He is director at Novo IT – a Web Development Agency from Latvia. You can find his original article here.

Deploying code to Amazon OpsWorks using Codeship

Here, at Novo IT, we love using Amazon OpsWorks for deploying our internal projects. With OpsWorks, we can easily segregate our development environments in Stacks and control how each project gets built via Chef recipes. OpsWorks binds directly with your code repository of choice. When you initiate a new build, it will pull in the latest changes and build them for you.

One task, that is not immediately obvious how to solve, is triggering an OpsWorks build remotely from the command line, or from a build server. This article will explain how we do exactly this, using the excellent Codeship service.

Setting up a new IAM user on AWS

We will make use of the AWS Identity and Access Management (IAM) feature to create a new user for our deployments. This is preferable to using, say your root account, as the new account will only have just enough permissions to carry out OpsWorks deployments.

First, we go to IAM, click on Groups and then Create New Group. This brings up the following screen:

Creating a new AWS IAM group

This group will provide all its members with access to OpsWorks. A name similar to “opsworks-users” makes sense. Once you’ve picked a name, click on Continue and we are presented with a Policy selection screen. At this point, we can select from the list of available policies or create a fully custom policy. In our case, the existing “AWS OpsWorks Full Access” policy is just what we need, so let’s select it:

Select the AWS OpsWorks Full Access Policy

Now that we have an IAM group in place, let’s create a user we will use for deployment. On the main IAM screen, click on Users and Create New Users, this brings up the following screen:

Create a new AWS IAM user

Choose a sensible name and generate your new user. It is very important to download the security credentials for your new user. We will need these for deployment, namely the Access Key ID and the Secret Access Key.

Finally, add the new user to our opsworks-users group, which will give the account access to our OpsWorks deployments. This can be done by first clicking on the user, then going to the Groups tab and clicking on the Add User to Groups button.

Gather information from your AWS account

There are some additional details we will need before we can get to deployment.

First we need to record the Stack ID for the OpsWorks Stack we will be deploying to. We need to go to our Stack and click on the Stack Settings button:

Stack Settings

On the next screen, the Stack ID will be shown under the label OpsWorks ID, let’s record it:

Stack ID

After that we need the Application ID for the application we will be deploying. This can be found on the OpsWorks Application page:

Application ID

Finally, we go to the OpsWorks Instance that we will be deploying to and record it’s OpsWorks ID:

Instance ID

At this point we should have our:

AWS Access Key

Secret Access Key

OpsWorks Stack ID

OpsWorks Application ID

OpsWorks Instance ID

Deploying to Amazon OpsWorks from the Command Line

Before we jump into deploying from Codeship, let’s try to trigger a remote OpsWorks deployment locally from our command line.

Once the command line interface is installed, we need to initialise the AWS_ACCESS_KEY_ID environment variable with our AWS Access Key, and the AWS_SECRET_ACCESS_KEY variable with our Secret Access Key. In Linux we do as follows:

Codeship does not have the AWS CLI installed by default, so the first line will install it on our build server (it only takes a few seconds). The second line will trigger a new deployment on our OpsWorks Stack.

We want to thank Edgars for making this article available on our blog. How do you deploy with Codeship and what are some ways you use our script deployment method? Let us know in the comments!

Subscribe via Email

Over 60,000 people from companies like Netflix, Apple, Spotify and O'Reilly are reading our articles. Subscribe to receive a weekly newsletter with articles around Continuous Integration, Docker, and software development best practices.

We promise that we won't spam you. You can unsubscribe any time.

Join the Discussion

Leave us some comments on what you think about this topic or if you like to add something.